Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection
CVE-2024-8755

9.8CRITICAL

Key Information:

Vendor: Progress
Status: Loadmaster
Vendor: CVE Published:; 11 October 2024

What is CVE-2024-8755?

An improper input validation vulnerability exists in Progress LoadMaster, which allows authenticated users to execute OS commands through input manipulation. This flaw can impact the integrity of the device and may lead to unauthorized access to system commands, giving a potential attacker the ability to control the affected system. The vulnerability affects multiple versions of LoadMaster, including versions ranging from 7.2.48.12 to 7.2.60.1, as well as other associated products.

Affected Version(s)

LoadMaster 0 < 7.2.61.0

References

https://support.kemptechnologies.com/hc/en-us/articles/30...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Sep 12, 2024

Credit

Huydoppa from giaohangtietkiem.vn

JSON